Outrage in the U.K. over plans to sell taxpayer data

British politicians and privacy activists are livid over a new proposal from the country's tax authority to sell taxpayer data to third party companies. One politician even went so far as to call the plan "borderline insane."

The new scheme would expose the personal financial data of millions of British taxpayers, selling it to private firms and researchers, ostensibly in service of the public good. But after a similar initiative to share private medical records compiled by the National Health Service (NHS) went awry last year, many in England are skeptical of this new proposal.

According to documents from Her Majesty's Revenue & Customs (HMRC), Great Britain's tax collection agency, officials are examining "charging options" that would allow private firms to pay for access to HMRC's vast pool of data.

HMRC officials promise that if the plan is executed there would be safeguards ensuring that all data is shared anonymously, with no connection between the financial records and the citizens they are attached too. According to the Guardian, the tax department also plans only to share data with companies and institutions that would study the data for "clear public benefits."

But these assurances aren't enough for critics, particularly in light of the British government's spotty history of protecting its citizens' information.

This attempt to share taxpayer data, led by Treasury Minister David Gauke, comes on the heels of the Care.data initiative that was launched by the NHS last year. Care.data was a program that allowed private firms to buy access to citizens' health records. It also was supposed to anonymise the data, but the program has now been suspended for six months over fears that citizens could be identified. It turns out the health data shared contained addresses, birth dates, NHS numbers, ethnicity and gender.

Also, HMRC itself has a problematic history of information security. The agency came under heavy scrutiny seven years ago when it lost disks containing confidential information about 25 million child benefit recipients and 15,000 bank customers.

Even if this checkered past were disregarded, privacy advocates say it's still a bad idea for the government to start selling citizens' information—one that could fundamentally damage the public's trust in the tax department.

"The officials who drew this up clearly have no idea of the risks to data in an electronic age," said Tory MP David Davis, speaking to the Guardian. "Our forefathers put these checks and balances in place when the information was kept in cardboard files, and data was therefore difficult to appropriate and misuse. It defies logic that we would remove those restraints at a time when data can be collected by the gigabyte, processed in milliseconds and transported around the world almost instantaneously."

Davis went on to call the plan "borderline insane," for its reckless disregard of citizens' privacy without a clear reason for doing so.

Plans to relax the laws around HMRC data-sharing have evidently been in the works since last summer, according to BBC. That's when Gauke and other agency officials first began discussing the idea. The conversations, however, had been kept under wraps, which critics say was a deliberate attempt to sneak the new legislation past the British public.

"Given the huge uproar about similar plans for medical records, you would have hoped HMRC would have learned that trying to sneak plans like this under the radar is not the way to build trust or develop good policy," said Emma Carr, deputy director of the civil rights advocacy group Big Brother Watch.

For now, HMRC appears to be moving forward with its initiative despite these objections. A spokesman for the agency emphasised the safeguards that would be put into place to protect privacy. Those accessing the data would have to meet the same confidentiality provisions as HMRC staff.

"Last year's consultation made it very clear that there would be a rigorous accreditation process for anyone wanting access to the data and that any access would take place in a secure environment," the spokesman said.